1 Answer
1

A Vaudenay Attack, also called a padding oracle attack, is not an attack on static data or the encryption algorithm. Rather it is a protocol attack that involves repeatedly passing modified messages to the server and examining the return codes to decipher the data. The underlying problem is that the padding is validated before the HMAC is validated. As the HMAC cannot be forged without knowing the shared secret, modified messages in the attack have incorrect HMACs.

In short, the attack scenario that you presented is an incorrect application of a Vaudenay attack and cannot be executed on static data.

While I accept that the attack is not usually on static data, in this scenario one can run the encryption algorithm (which is given) and essentially act as the server. In other words, the attacker can manipulate the data, present it to a 'server' and examine the result.
– ant Nov 9 '15 at 7:35

1

How can you run the encryption algorithm without having the key? The attack relies on the server knowing the key to be able to decrypt the message and find a padding problem. But you don't have the key so you can't do that. I guess I don't understand.
– Neil Smithline Nov 9 '15 at 7:44

Thank you! You have supplied the point I missed; in the protocol attack, the server has the key, so can decrypt the modified data, and its responses can be observed. In the static-data case, as you point out, the key is not available even if the algorithm is known, so decryption is not possible.
– ant Nov 9 '15 at 8:06
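The ordering problem the answer describes, shown as an added example that is not part of the original answer or comments: a key-holding receiver that checks padding before the HMAC returns two distinguishable errors for tampered messages, while one that checks the HMAC first returns only one. Assumptions: the message layout (IV || ciphertext || HMAC-SHA256 over IV || ciphertext), all function names, and a toy Feistel cipher standing in for a real block cipher so the block runs on the standard library alone.

```python
import hashlib, hmac, os

BLOCK, TAG = 16, 32

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _block(key, b, rounds):  # toy 4-round Feistel standing in for a real cipher
    l, r = b[:8], b[8:]
    for i in rounds:
        l, r = r, _xor(l, hmac.new(key, bytes([i]) + r, hashlib.sha256).digest()[:8])
    return r + l

def _tag(mac_key, data):
    return hmac.new(mac_key, data, hashlib.sha256).digest()

def seal(enc_key, mac_key, msg):  # CBC + PKCS#7, then HMAC over IV || ciphertext
    n = BLOCK - len(msg) % BLOCK
    data, out = msg + bytes([n]) * n, os.urandom(BLOCK)
    for i in range(0, len(data), BLOCK):
        out += _block(enc_key, _xor(data[i:i + BLOCK], out[-BLOCK:]), range(4))
    return out + _tag(mac_key, out)

def _decrypt_unpad(enc_key, body):  # body = IV || ciphertext
    pt = b"".join(_xor(_block(enc_key, body[i:i + BLOCK], reversed(range(4))), body[i - BLOCK:i])
                  for i in range(BLOCK, len(body), BLOCK))
    n = pt[-1]
    if not 1 <= n <= BLOCK or pt[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return pt[:-n]

def open_vulnerable(enc_key, mac_key, blob):  # padding checked before HMAC
    msg = _decrypt_unpad(enc_key, blob[:-TAG])
    if not hmac.compare_digest(blob[-TAG:], _tag(mac_key, blob[:-TAG])):
        raise ValueError("bad mac")
    return msg

def open_hardened(enc_key, mac_key, blob):  # HMAC checked before any decryption
    if not hmac.compare_digest(blob[-TAG:], _tag(mac_key, blob[:-TAG])):
        raise ValueError("bad mac")
    return _decrypt_unpad(enc_key, blob[:-TAG])

def tamper_responses(opener, enc_key, mac_key, blob):
    seen = set()  # distinct errors seen when one bit is flipped at each position
    for i in range(len(blob)):
        try:
            opener(enc_key, mac_key, blob[:i] + bytes([blob[i] ^ 1]) + blob[i + 1:])
        except ValueError as e:
            seen.add(str(e))
    return seen
```

`tamper_responses` works as a regression check for a receiver: any result with more than one distinct error means the response tells a sender whether the padding was valid. Both `open_*` functions need the keys, which is the point settled in the comments: without a key holder answering, there is nothing to query.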